[Fedora-directory-devel] userPassword/sambaNTPassword synchronization

Richard Megginson rmeggins at redhat.com
Tue May 9 13:28:35 UTC 2006


Jonathan Barber wrote:
> Hi,
>     I'm currently looking at using FDS as a backend for Samba 3. The
> issue I have is with sync'ing of the userpassword, sambaNTPassword, and
> sambaLMPassword attributes, so that each of our users' accounts has a
> consistent password for each attribute.
>
> Samba can be configured to change all three of these attributes when
> it receives a password change request (the "ldap passwd sync"
> directive), but when the passwords are changed outwith samba (FDS
> console, ldappasswd, etc.), the passwords lose sync. It therefore seems
> sensible to write a FDS plugin to intercept password modification
> attempts, and for the plugin to create all of the required hashes.
>
> Before starting, I thought it'd be sensible to see if:
> 1) It was a good idea, or is there something blindingly obvious I've
>    missed which means it won't work.
This is an excellent idea, and the community would greatly appreciate it.

> 2) Is there any ongoing work in this area that I can contribute to
>    rather than rolling my own.
>   
Not that I know of.
> WRT 2) I've seen the openldap smbk5pwd overlay, which does what I want,
> but appears to be openldap specific.
>   
Yes, it is openldap specific.  Although the openldap code license does 
not preclude the inclusion of code into fedora ds, the APIs are very 
different, so there may be little chance of code reuse.  You can 
probably reuse the code that does the actual password encryption, the 
algorithms for NT and LM passwords.  Or you can get them from the samba 
code.

You might take a look at an existing post-op plugin, like the 
referential integrity plugin, to use as a template for this one.
> Any comments?
>
> Cheers.
>   